6. Configuring Your Firewall to Send IPFIX Data to Splunk

Configuration

Configure your SonicWALL firewall to send IPFIX data to Splunk.

Note: Make sure that NTP is set up on your firewall. Splunk reads time stamps from the firewall log messages.

1. Log in to the firewall.

2. Select AppFlow > Flow Reporting > External Collector.

[Screenshot: appflow.png]

3. Configure as follows:

[Screenshot: Firewall_config_for_Splunk.png]
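To confirm the NTP note above from the collector side, the following added example (not part of the SonicWALL documentation) validates one received IPFIX message and compares its export time with the collector's clock. It assumes the firewall exports standard RFC 7011 messages; `inspect_ipfix`, `build_sample`, the 300-second tolerance and the sample bytes are constructed for illustration.

```python
import struct
import time

HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length (length includes this header)


def inspect_ipfix(datagram, now=None, max_skew=300):
    """Validate one IPFIX message and report clock skew against the collector.

    max_skew (seconds) is an assumed tolerance, not a SonicWALL or Splunk value.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX message header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(datagram)
    if version != 10:
        raise ValueError(f"not IPFIX: version field is {version}")
    if length != len(datagram):
        raise ValueError(f"header says {length} bytes, datagram has {len(datagram)}")
    sets = {"template": 0, "options_template": 0, "data": 0, "reserved": 0}
    offset = HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError(f"bad set length {set_len} at offset {offset}")
        # Set ID 2 = template, 3 = options template, 256 and above = data records
        kind = {2: "template", 3: "options_template"}.get(
            set_id, "data" if set_id >= 256 else "reserved")
        sets[kind] += 1
        offset += set_len
    skew = export_time - int(time.time() if now is None else now)
    return {"export_time": export_time, "sequence": sequence, "domain": domain,
            "sets": sets, "skew_seconds": skew, "clock_ok": abs(skew) <= max_skew}


def build_sample(export_time):
    """Constructed message: one template set (ID 256, sourceIPv4Address) and one data set."""
    template = SET_HEADER.pack(2, 12) + struct.pack("!HHHH", 256, 1, 8, 4)
    data = SET_HEADER.pack(256, 8) + bytes([192, 0, 2, 10])
    body = template + data
    return HEADER.pack(10, HEADER.size + len(body), export_time, 0, 1) + body


if __name__ == "__main__":
    # Simulates a firewall whose clock is one hour behind the collector
    print(inspect_ipfix(build_sample(int(time.time()) - 3600)))
```

A large `skew_seconds` on real traffic points at the firewall's NTP configuration rather than at Splunk's timestamp parsing.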

Connection Reporting Options

The connection reporting options are: Opened, Closed, Active Timeout, and Bytes Exchanged.

Opened

Closed

Active Timeout

Bytes Exchanged

Opened

• Provides real-time reporting

• Does not provide total bytes sent

• Provides real-time reporting

• Provides bytes sent

• Provides two messages per flow

• Provides real-time reporting

• Returns bytes exchanged message

• Provides two messages per flow

• Does not provide total bytes sent

Closed

• Does not provide real-time reporting

• Provides one message per flow

• Provides total bytes sent

Active Timeout

Bytes Exchanged